| 371 | 5.4 | MEDIUM, Network | jesweb | anchor_episodes_index | The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2… | Update | CWE-79 Cross-site Scripting | CVE-2024-10189 | 2024-10-30 00:27 | 2024-10-22 |
| 372 | 7.8 | HIGH, Local | intel | extreme_tuning_utility | Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | Update | CWE-427 Uncontrolled Search Path Element | CVE-2023-28407 | 2024-10-30 00:27 | 2024-02-14 |
| 373 | 5.5 | MEDIUM, Local | apple | macos iphone_os ipados watchos tvos visionos safari | The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted we… | Update | NVD-CWE-noinfo | CVE-2024-44185 | 2024-10-30 00:22 | 2024-10-25 |
| 374 | 5.5 | MEDIUM, Local | apple | macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash. | Update | CWE-787 Out-of-bounds Write | CVE-2024-40810 | 2024-10-30 00:21 | 2024-10-25 |
| 375 | 4.3 | MEDIUM, Network | colorlib | simple_custom_post_order | Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a … | Update | CWE-862 Missing Authorization | CVE-2024-49321 | 2024-10-30 00:20 | 2024-10-21 |
| 376 | - | | - | - | Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass … | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-50334 | 2024-10-30 00:15 | 2024-10-30 |
| 377 | - | | - | - | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly… | New | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2024-49769 | 2024-10-30 00:15 | 2024-10-30 |
| 378 | - | | - | - | Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP… | New | CWE-444 HTTP Request Smuggling; CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2024-49768 | 2024-10-30 00:15 | 2024-10-30 |
| 379 | - | | - | - | Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By des… | New | CWE-285 Improper Authorization | CVE-2024-48921 | 2024-10-30 00:15 | 2024-10-30 |
| 380 | 4.1 | MEDIUM, Local | hitachienergy | unem foxman-un | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | Update | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-28024 | 2024-10-30 00:15 | 2024-06-12 |